package org.huqiwen.blog.logic;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import org.huqiwen.blog.dao.DataSource;

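/**
 * Business logic for handling user login.
 *
 * @author Administrator
 */
public class LoginLogicBean {
	/**
	 * Checks whether the user name exists in the database and, if it does,
	 * whether the supplied password matches the stored one.
	 *
	 * <p>Security notes for callers and maintainers:
	 * <ul>
	 *   <li>The result distinguishes "unknown user" from "wrong password". Do not
	 *       surface that difference to the client; showing one generic failure
	 *       message avoids user-name enumeration.</li>
	 *   <li>The supplied value is compared directly with the {@code user_pass}
	 *       column, which suggests the column holds the password unhashed unless
	 *       the caller hashes it first. TODO confirm, and store a salted password
	 *       hash (bcrypt/scrypt/argon2) instead.</li>
	 *   <li>{@code null} is returned when the lookup fails; callers must treat it
	 *       as a failed login (fail closed).</li>
	 * </ul>
	 *
	 * @param username user name to look up; bound as a statement parameter
	 * @param password password supplied by the client; {@code null} never matches
	 * @return {@code "OK"} if the password matches, {@code "PWD"} if the user exists
	 *         but the password does not match, {@code "NOUSER"} if no row was found,
	 *         or {@code null} if an {@link SQLException} occurred
	 */
	public String verify(String username,String password){
		String result = null;
		// The user name is bound through a PreparedStatement parameter rather than
		// concatenated into the SQL text, which prevents SQL injection here.
		// NOTE(review): the Connection returned by DataSource.getConnection() is not
		// closed in this method. Whether it is shared or pooled is not visible from
		// this file; confirm ownership before adding a close().
		try (PreparedStatement stmt = DataSource.getConnection().prepareStatement(
				"select user_pass from user where user_name = ?")) {
			stmt.setString(1, username);
			// Nested try-with-resources closes the ResultSet before the statement,
			// and closes the statement even if closing the ResultSet fails.
			try (ResultSet rs = stmt.executeQuery()) {
				if (!rs.next()) {
					result = "NOUSER";
				} else if (passwordsMatch(password, rs.getString(1))) {
					result = "OK";
				} else {
					result = "PWD";
				}
			}
		} catch (SQLException e) {
			// No logging framework is visible in this file, so the original
			// reporting is kept. A result computed before a failed close() is
			// still returned, as before.
			e.printStackTrace();
		}
		return result;
	}

	/**
	 * Compares the supplied and stored passwords without short-circuiting on the
	 * first differing byte, so the comparison time does not reveal how much of the
	 * guess was correct. A {@code null} on either side never matches.
	 */
	private static boolean passwordsMatch(String supplied, String stored) {
		if (supplied == null || stored == null) {
			return false;
		}
		return MessageDigest.isEqual(
				supplied.getBytes(StandardCharsets.UTF_8),
				stored.getBytes(StandardCharsets.UTF_8));
	}

}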
